[Resolved] 12.04 - firewall issues?
ardirtbiker:
I installed 12.04 from the July 19th image 29194.
After install completed (hybrid core), the MD came up fine. In Firefox, I can navigate pages. Apt update/install works as well. When 'pinging' from core (ping ubuntu.org), the name gets resolved to an IP, but ping times out. Cannot ping localhost or dcerouter either. Pinging IPs fails too.
Additionally, a workstation getting an IP from the core (Non-MD) cannot ping anything.
I installed ufw... and ran the command 'ufw enable' followed by 'ufw reset'. Ping started working. However on reboot of the core, everything reverts back to LMCE default Firewall settings.
Is there a workaround? I didn't see any posts in the forums by others with the same issue.
Dennis
Marie.O:
29194 should have the firewall fixes included. If things are not working get a hold of Alblasco1702 in irc to figure out what's still missing.
Alblasco1702:
ardirtbiker:
Can you put the output of "sudo iptables -vnL" (without the " ") here?
So I can check the firewall config.
Thnx
ardirtbiker:
I did a re-install of 12.04 this evening and verified the same thing happens.
Here is the output of iptables -nvL:
--- Quote ---
Chain INPUT (policy DROP 8041 packets, 2013K bytes)
pkts bytes target prot opt in out source destination
66532 78M BLOCKLIST all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x3F/0x29
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x3F/0x3F
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x3F/0x00
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x06/0x06
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x03/0x03
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x11/0x01
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x3F/0x37
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x1
6543 1173K ACCEPT tcp -- lo * 0.0.0.0/0 0.0.0.0/0 /* Allow_Loopback */
795 116K ACCEPT udp -- lo * 0.0.0.0/0 0.0.0.0/0 /* Allow_Loopback */
50860 75M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED /* Allow_Established */
307 77973 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED /* Allow_Established */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED /* Allow_Established */
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED /* Allow_Established */
0 0 ACCEPT udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 /* Allow_DHCP */
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp spt:68 /* Allow_DHCP */
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- lo lo 0.0.0.0/0 0.0.0.0/0 /* Allow_Loopback */
0 0 ACCEPT udp -- lo lo 0.0.0.0/0 0.0.0.0/0 /* Allow_Loopback */
Chain OUTPUT (policy ACCEPT 51507 packets, 4357K bytes)
pkts bytes target prot opt in out source destination
Chain BLOCKLIST (1 references)
pkts bytes target prot opt in out source destination
1 40 DROP all -- * * 218.77.79.0/24 0.0.0.0/0
0 0 DROP all -- * * 217.12.221.0/24 0.0.0.0/0
0 0 DROP all -- * * 198.20.69.0/24 0.0.0.0/0
0 0 DROP all -- * * 192.81.130.0/24 0.0.0.0/0
0 0 DROP all -- * * 185.56.80.0/24 0.0.0.0/0
0 0 DROP all -- * * 162.253.66.0/24 0.0.0.0/0
0 0 DROP all -- * * 125.96.160.0/24 0.0.0.0/0
0 0 DROP all -- * * 124.232.142.0/24 0.0.0.0/0
0 0 DROP all -- * * 93.180.5.0/24 0.0.0.0/0
0 0 DROP all -- * * 93.174.93.0/24 0.0.0.0/0
0 0 DROP all -- * * 84.200.17.0/24 0.0.0.0/0
0 0 DROP all -- * * 78.187.174.0/24 0.0.0.0/0
0 0 DROP all -- * * 71.6.216.0/24 0.0.0.0/0
0 0 DROP all -- * * 71.6.167.0/24 0.0.0.0/0
0 0 DROP all -- * * 71.6.165.0/24 0.0.0.0/0
0 0 DROP all -- * * 66.240.236.0/24 0.0.0.0/0
0 0 DROP all -- * * 66.240.192.0/24 0.0.0.0/0
0 0 DROP all -- * * 66.154.119.0/24 0.0.0.0/0
0 0 DROP all -- * * 46.148.130.0/24 0.0.0.0/0
0 0 DROP all -- * * 41.135.113.0/24 0.0.0.0/0
--- End quote ---
and here is the output of 'host linuxmce.org'
--- Quote ---
linuxmce.org has address 193.200.112.137
linuxmce.org mail is handled by 10 mail.linuxmce.org.
--- End quote ---
and the output of 'ping linuxmce.org' (note that I had to kill the process.. it never stopped)
--- Quote ---
PING linuxmce.org (193.200.112.137) 56(84) bytes of data.
--- linuxmce.org ping statistics ---
940 packets transmitted, 0 received, 100% packet loss, time 946511ms
--- End quote ---
/etc/network/interfaces looks correct:
--- Quote ---
#####
# Loopback interface
#####
iface lo inet loopback
#####
# IPv4 network interfaces
#####
# --- External NIC ---
iface eth0 inet dhcp
pre-up sysctl -q -e -w net.ipv6.conf.eth0.disable_ipv6=1
# --- Internal NIC ---
iface eth1 inet static
address 192.168.80.1
netmask 255.255.255.0
pre-up sysctl -q -e -w net.ipv6.conf.eth1.disable_ipv6=1
# DNS Settings for Internal Net
dns-nameservers 192.168.80.1
dns-search LinuxMCE
#####
# Activating interfaces
#####
auto eth0 eth1 lo
--- End quote ---
Since 'host' command returns a result I know name resolution is working and I can get to the public internet. Ping returns a name resolution as well, but I do not get any 'ping' results back. I'm thinking this is something to do with the firewall... but I'm not all that experienced with firewalls to say for certain.
Dennis
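Added example, not part of the original thread or of LinuxMCE's code: a small parser for `iptables -vnL` output that lists which ACCEPT rules in a chain can match a given protocol. Run on a trimmed copy of the INPUT chain posted above, it shows that the only ACCEPT rule that can match icmp is the `mark match 0x1` rule, so unmarked ICMP (including echo replies and pings to localhost) falls through to the chain's DROP policy. The function names are made up for this example.

```python
import re

# Trimmed copy of the INPUT chain posted above (tcpflags and duplicate rules omitted).
# Assumes the "prot" column shows protocol names, as it does in that listing.
LISTING = """\
Chain INPUT (policy DROP 8041 packets, 2013K bytes)
 pkts bytes target prot opt in out source destination
66532 78M BLOCKLIST all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x1
6543 1173K ACCEPT tcp -- lo * 0.0.0.0/0 0.0.0.0/0 /* Allow_Loopback */
795 116K ACCEPT udp -- lo * 0.0.0.0/0 0.0.0.0/0 /* Allow_Loopback */
50860 75M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED /* Allow_Established */
307 77973 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED /* Allow_Established */
0 0 ACCEPT udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 /* Allow_DHCP */
Chain OUTPUT (policy ACCEPT 51507 packets, 4357K bytes)
 pkts bytes target prot opt in out source destination
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)")

def parse(listing):
    """Return {chain: {"policy": str or None, "rules": [dict, ...]}} from -vnL text."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = CHAIN_RE.match(line)
        if m:  # chain header; user-defined chains have no policy
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
            continue
        f = line.split()
        if current is None or len(f) < 9 or f[0] == "pkts":
            continue  # skip column headers, blank lines and anything before a chain
        current["rules"].append({"target": f[2], "prot": f[3], "in": f[5],
                                 "extra": " ".join(f[9:])})
    return chains

def accept_paths(chains, chain, proto):
    """ACCEPT rules in `chain` whose protocol column can match `proto`."""
    return [r for r in chains[chain]["rules"]
            if r["target"] == "ACCEPT" and r["prot"] in (proto, "all")]

def diagnose(listing, chain="INPUT", proto="icmp"):
    """Return (chain policy, [(in-interface, extra match text), ...]) for `proto`."""
    chains = parse(listing)
    return chains[chain]["policy"], [(r["in"], r["extra"])
                                     for r in accept_paths(chains, chain, proto)]

if __name__ == "__main__":
    policy, paths = diagnose(LISTING)
    print(f"INPUT policy={policy}; ACCEPT rules that can match icmp: {paths}")
```

Feeding the function the full output of `sudo iptables -vnL` works the same way; pass `proto="tcp"` or `proto="udp"` to compare against the protocols that do have loopback and established-state ACCEPT rules.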
ardirtbiker:
Any ideas on this?
Dennis